Logging Flaw Allows Attackers to Read Sensitive Data via Login Function
CVE-2023-51712

4.7MEDIUM

Key Information:

Vendor
Trusted Firmware-M
Status
Trusted Firmware-m
Vendor
CVE Published:
5 September 2024

Summary

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.